Cyber Incident Victim: AcFun
Date: Jun 2018
Location: China
Summary
A Chinese video sharing platform suffered a data breach compromising nearly 10 million user accounts, exposing identifiers, nicknames, and passwords. The company confirmed unauthorized access, initiated forensic investigations, and reported the incident to law enforcement while urging affected users to promptly update weak or reused credentials across services. Following its recent acquisition by a Tencent-backed rival streaming service, the organization publicly apologized and committed to strengthening user data protections in response to the security failure.
Description
On June 13, 2018, Chinese video-sharing platform AcFun disclosed a significant cybersecurity breach affecting millions of user accounts through an official statement released early that morning. The incident involved unauthorized access to sensitive user data, including user IDs, nicknames, and passwords belonging to nearly 10 million registered users. AcFun immediately initiated an internal investigation upon detecting the breach, collecting digital evidence to support forensic analysis. The company formally reported the incident to law enforcement authorities, though specific details about the attack methodology or potential perpetrators were not disclosed publicly. This breach represented a major security failure for the platform, which specialized in hosting user-generated videos with overlaid comment features and maintained a substantial user base since its 2007 founding.

The compromised credentials exposed users to potential account hijacking and credential stuffing attacks across other platforms, particularly for those who reused passwords. AcFun issued specific guidance urging all users, especially those with simple passwords, to immediately change their credentials both on AcFun and on any other services where they might have used identical passwords. The company publicly apologized for the security lapse and committed to strengthening data protection measures, though no technical specifics about security upgrades were provided. The incident occurred during a transitional period for AcFun, which had been acquired by rival platform Kuaishou just eight days earlier, on June 5, 2018. Kuaishou, backed by Tencent Holdings, inherited both the platform's operational challenges and the reputational damage from the breach, which undermined user trust in AcFun's data stewardship capabilities at a critical juncture in its corporate history.
